Microsoft security alert.
December 9, 2008
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 32 vulnerabilities that were fixed in 9 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 9 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
WordPad and Office Text Converters Remote Code Execution Vulnerability (MS09-010)
- Severity
- Urgent 5
- Qualys ID
- 90474
- Vendor Reference
- MS09-010
- CVE Reference
- CVE-2008-4841, CVE-2009-0087, CVE-2009-0088, CVE-2009-0235
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
WordPad is a default component of Microsoft Windows operating systems. Text converters in WordPad allow users who do not have Microsoft Office Word installed to open documents in various Microsoft Windows file formats. The Microsoft Office WordPerfect 6.x Converter helps users convert documents from Corel WordPerfect 6.x file formats to Microsoft Office Word file formats.
Multiple vulnerabilities listed below have been identified in WordPad and Office Text Converters:
- A memory corruption vulnerability in WordPad and Office Text Converter exists in the way the applications process memory when a user opens a specially crafted Word 6 file that includes malformed data. A remote attacker can exploit this flaw to execute arbitrary code. (CVE-2009-0087)
- A stack-based buffer overflow vulnerability exists when parsing a specially crafted Word 97 document. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed list structure. (CVE-2008-4841)
- A stack corruption vulnerability in Word 2000 WordPerfect 6.x Converter exists in the way that the converter processes memory when parsing a specially crafted WordPerfect document. (CVE-2009-0088)
- A stack-based buffer overflow vulnerability exists in WordPad as a result of memory corruption when a user opens a specially crafted Word file. This can be exploited by a remote attacker to execute arbitrary code. (CVE-2009-0235)
Microsoft has released a security update to address these vulnerabilities by modifying the way that Microsoft Office Word and Office text converters handle opening specially crafted Word 6.0, Windows Write, and WordPerfect documents. It also addresses the vulnerabilities by implementing fixes to WordPad and by preventing WordPad on affected platforms from opening Word 6.0 and Windows Write files.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
April 2009 Security Updates Are Now Available On the ECE (KB960477, 923561)
- Consequence
- Successful exploitation of this vulnerability allows an attacker to run arbitrary code as the logged-on user if a specially crafted file is opened in WordPad or Microsoft Office Word. An attacker with administrative rights can take complete control of the affected system and then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
For Office users:
To resolve this issue, install the following Office patches: "office2000-KB921606-FullFile-ENU.exe, office2003-KB960476-FullFile-ENU.exe, officexp-KB933399-FullFile-ENU.exe" along with the Windows patches "Windows2000-KB923561-x86-ENU.EXE, WindowsServer2003-KB923561-ia64-ENU.exe, WindowsServer2003-KB923561-x86-ENU.exe, WindowsServer2003.WindowsXP-KB923561-x64-ENU.exe, WindowsXP-KB923561-x86-ENU.exe"
For non-Office users:
To resolve this issue, install the following Windows patches: "Windows2000-KB923561-x86-ENU.EXE, WindowsServer2003-KB923561-ia64-ENU.exe, WindowsServer2003-KB923561-x86-ENU.exe, WindowsServer2003.WindowsXP-KB923561-x64-ENU.exe, WindowsXP-KB923561-x86-ENU.exe"
Workaround:
1) Avoid opening or saving Microsoft Office files received from untrusted sources.
2) Disable the Word 6 converter by applying an access control list to the affected converters so that they are no longer loaded by WordPad and Office.
Impact of the workaround: Conversion of Word 6 documents to WordPad RTF or Word 2003 documents will no longer work.
3) Disable the Office text converter by applying an access control list to the affected converter so that it is no longer loaded by Microsoft Office Word.
Impact of the workaround: Microsoft Office Word will no longer load WordPerfect documents.
Detailed information on applying access lists to disable Word 6 and Office text converter can be found in Microsoft Security Bulletin MS09-010.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Microsoft Office 2000 Service Pack 3 (Microsoft Office Word 2000 Service Pack 3)
Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3)
Microsoft Office Converter Pack
Refer to Microsoft Security Bulletin MS09-010 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS09-010 Microsoft Office 2000 Service Pack 3 (Microsoft Office Word 2000 Service Pack 3)
MS09-010 Microsoft Office Converter Pack
MS09-010 Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3)
MS09-010 Microsoft Windows 2000 Service Pack 4
MS09-010 Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
MS09-010 Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
MS09-010 Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
MS09-010 Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
MS09-010 Windows XP Service Pack 2 and Windows XP Service Pack 3
-
Microsoft Visual Basic Runtime Extended Files Remote Code Execution Vulnerability (MS08-070)
- Severity
- Critical 4
- Qualys ID
- 90473
- Vendor Reference
- MS08-070
- CVE Reference
- CVE-2008-3704, CVE-2008-4252, CVE-2008-4253, CVE-2008-4254, CVE-2008-4255, CVE-2008-4256
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
A remote code execution vulnerability exists in DataGrid, FlexGrid, Hierarchical Flexgrid, Windows Common, Charts and Masked Edit ActiveX controls for Visual Basic 6.
An attacker can exploit this vulnerability by constructing a specially-crafted web page and making the user visit this page.
- Consequence
- An attacker who successfully exploits this vulnerability could gain the same user rights as the logged-on user.
- Solution
-
Refer to MS08-070 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS08-070 Microsoft Office Project 2003 Service Pack 3
MS08-070 Microsoft Office Project 2007
-
Microsoft Windows GDI+ Remote Code Execution Vulnerability (MS08-071)
- Severity
- Critical 4
- Qualys ID
- 90469
- Vendor Reference
- MS08-071
- CVE Reference
- CVE-2008-2249, CVE-2008-3465
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
This security update resolves two vulnerabilities in GDI by modifying the way GDI validates file size parameters and performs integer calculations to prevent overflow conditions.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
December 2008 Updates are Available (including for XPe SP3 and Standard) (KB956802)
- Consequence
- Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=3B775FB1-1077-455D-AF4A-4CCB5237974F
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2151FBBA-C464-4D1E-82D4-5B096E82BED0
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=2151FBBA-C464-4D1E-82D4-5B096E82BED0
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2247F6A5-AA33-4C68-9EA8-A63488D126D3
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=0C396796-0929-4CD2-99E8-3C0F7075A89E
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=6D5C7D2F-1A82-4CDF-B3F2-B2C2390C6A64
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=1EDB62B4-3D0F-4891-B4B3-8F8BC4E7BDFE
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=CDDF9CF6-BDEB-4429-823A-879387A428D7
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=73DC3775-B6F0-40F1-BD36-6B5FB80EB2FA
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=BBED9E8B-E75E-44EF-BA1D-FD6F852C1F67
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=48AECF4C-1296-490D-BA37-A28E3EC19BD6
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=9BFE15CD-02FF-45CF-85C8-5FF1E6C1A871
Refer to Microsoft Security Bulletin MS08-071 for further details.
-
Microsoft Word Multiple Remote Code Execution Vulnerabilities (MS08-072)
- Severity
- Critical 4
- Qualys ID
- 110092
- Vendor Reference
- MS08-072
- CVE Reference
- CVE-2008-4024, CVE-2008-4025, CVE-2008-4026, CVE-2008-4027, CVE-2008-4028, CVE-2008-4030, CVE-2008-4031, CVE-2008-4837
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft Word is prone to multiple remote code execution vulnerabilities. The security update addresses the following issues:
- Word Memory Corruption Vulnerability (CVE-2008-4024)
- Word RTF Object Parsing Vulnerability (CVE-2008-4025)
- Word Memory Corruption Vulnerability (CVE-2008-4026)
- Word RTF Object Parsing Vulnerability (CVE-2008-4027)
- Word RTF Object Parsing Vulnerability (CVE-2008-4028)
- Word RTF Object Parsing Vulnerability (CVE-2008-4030)
- Word RTF Object Parsing Vulnerability (CVE-2008-4031)
- Word Memory Corruption Vulnerability (CVE-2008-4837)
- Consequence
- An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Office 2000 Service Pack 3 (Microsoft Office Word 2000 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=43e8c4d8-307b-48f6-ac99-a9617421d40a
Microsoft Office XP Service Pack 3 (Microsoft Office Word 2002 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3ef41412-50b3-4077-b0e3-9a3704d2f876
Microsoft Office 2003 Service Pack 3 (Microsoft Office Word 2003 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=45c81c60-4b1b-4246-839b-198ebc4eeae2
2007 Microsoft Office System (Microsoft Office Word 2007):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37
2007 Microsoft Office System (Microsoft Office Outlook 2007):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37
2007 Microsoft Office System Service Pack 1 (Microsoft Office Word 2007 Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37
2007 Microsoft Office System Service Pack 1 (Microsoft Office Outlook 2007 Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5b51cb5e-3899-4257-82cf-7e92fa619c37
Microsoft Office Word Viewer 2003 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=70de7c3c-519f-4f4a-a03f-027f80b5415c
Microsoft Office Word Viewer:
http://www.microsoft.com/downloads/details.aspx?FamilyId=70de7c3c-519f-4f4a-a03f-027f80b5415c
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats:
http://www.microsoft.com/downloads/details.aspx?FamilyId=55430121-4476-48b8-9f6f-4a60fa0b2970
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=55430121-4476-48b8-9f6f-4a60fa0b2970
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-072.
-
Microsoft Internet Explorer Cumulative Security Update (MS08-073)
- Severity
- Critical 4
- Qualys ID
- 100064
- Vendor Reference
- MS08-073
- CVE Reference
- CVE-2008-4258, CVE-2008-4259, CVE-2008-4260, CVE-2008-4261
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
This critical security update resolves vulnerabilities existing in Microsoft Internet Explorer, including the following: parameter validation memory corruption vulnerability, HTML objects memory corruption vulnerability, uninitialized memory corruption, and HTML rendering memory corruption vulnerability.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
December 2008 Updates are Available (including for XPe SP3 and Standard) (KB958215)
- Consequence
- An attacker who successfully exploits these vulnerabilities could gain the same user rights as the logged-on user.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 5.01 Service Pack 4):
http://www.microsoft.com/downloads/details.aspx?familyid=c242ba42-556b-4c87-bf33-9d99166ff096
Microsoft Windows 2000 Service Pack 4 (Microsoft Internet Explorer 6 Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?familyid=c0583745-7e57-4265-9429-c3415cb8465f
Windows XP Service Pack 2 and Windows XP Service Pack 3 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?familyid=af9a6cb0-725d-490c-9858-16ec40e98560
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?familyid=60bf9851-24fe-4658-8333-d353e82063c7
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?familyid=d53adf6f-9501-4862-a1ca-57eb4d40cd75
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?familyid=5e37cb34-32be-4bbe-87f3-c4e1974e4d00
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft Internet Explorer 6):
http://www.microsoft.com/downloads/details.aspx?familyid=0da4e424-4682-4401-a226-7d8f1be19d44
Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?familyid=1b582695-b3cc-4c65-bc4b-d673c9a6d82a
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?familyid=107cf54b-29d4-4c54-b091-2b5b3ffbf49d
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Internet Explorer 7):
http://www.microsoft.com/downloads/details.aspx?familyid=9cdd4f9e-c578-405c-af9e-628f2d77fdf4
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-073.
-
Microsoft Excel Multiple Remote Code Execution Vulnerabilities (MS08-074)
- Severity
- Critical 4
- Qualys ID
- 110090
- Vendor Reference
- MS08-074
- CVE Reference
- CVE-2008-4264, CVE-2008-4265, CVE-2008-4266
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
Microsoft Excel is prone to multiple remote code execution vulnerabilities. The security update addresses the following issues:
- Excel File Format Parsing Vulnerability when loading formulas (CVE-2008-4264)
- Excel File Format Parsing Vulnerability when loading records (CVE-2008-4265)
- Excel Global Array Memory Corruption Vulnerability (CVE-2008-4266)
- Consequence
- An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Office 2000 Service Pack 3 (Microsoft Office Excel 2000 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=f39d2a49-f861-4f2d-bf91-94a8a85af40c
Microsoft Office XP Service Pack 3 (Microsoft Office Excel 2002 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=72076e21-2aa3-48e8-883a-c3cb756fc72a
Microsoft Office 2003 Service Pack 3 (Microsoft Office Excel 2003 Service Pack 3):
http://www.microsoft.com/downloads/details.aspx?FamilyId=6c0771e5-fcd4-4365-b903-1a3bd95d9e66
2007 Microsoft Office System (Microsoft Office Excel 2007):
http://www.microsoft.com/downloads/details.aspx?FamilyId=68bb8d99-f28b-4efd-9314-3eee0bb00ccf
2007 Microsoft Office System Service Pack 1 (Microsoft Office Excel 2007 Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=68bb8d99-f28b-4efd-9314-3eee0bb00ccf
Microsoft Office Excel Viewer 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4b3989ef-02b8-4bd2-b2ab-c3716079936e
Microsoft Office Excel Viewer 2003 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4b3989ef-02b8-4bd2-b2ab-c3716079936e
Microsoft Office Excel Viewer:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9dbb35c1-aa7a-481b-a330-8ba916ddd443
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats:
http://www.microsoft.com/downloads/details.aspx?FamilyId=99cca4ed-f1f9-4cfd-a986-edbec82ced4f
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=99cca4ed-f1f9-4cfd-a986-edbec82ced4f
Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ECA13AD8-62AE-41A8-B308-41E2D1773820
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-074.
-
Microsoft Windows Search Remote Code Execution Vulnerability (MS08-075)
- Severity
- Critical 4
- Qualys ID
- 90471
- Vendor Reference
- MS08-075
- CVE Reference
- CVE-2008-4268, CVE-2008-4269
- CVSS Scores
- Base 8.5 / Temporal 6.7
- Description
-
Microsoft Windows Search allows instant search capabilities for data and files. Microsoft Windows Search is a standard component of Windows Vista and Windows Server 2008 that is enabled by default.
Microsoft Search is prone to a remote code execution vulnerability if a user opens and saves a specially-crafted saved search file within Windows Explorer, or if a user clicks a specially-crafted search URL. This is because Windows Explorer does not correctly free memory when saving Windows Search files and does not correctly interpret parameters when parsing the search-ms protocol.
- Consequence
- An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=0DCC5373-0435-42D5-864D-298E5BB122D9
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=5B1B65F0-6848-47C6-BDD5-BE3C0621B323
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=2112C5C8-7C9F-4491-B127-B1093085E105
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=EB1D0FFE-1644-457B-9E82-768BD4C7F7AB
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=90AB7E6F-5AE7-4F55-8838-868FC98D8A16
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=470D506F-77AE-4A44-8598-DF645F484295
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=E1DEAB57-ADA2-4B12-9157-5615E7B0071D
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=E41F23E4-6A2F-4EBB-B425-D241A08DA316
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=48BED90D-C243-4969-8E54-326D9A7AF343
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=83DE2263-DE2A-4C13-96BA-ECFEBDAF0BB9
Refer to Microsoft Security Bulletin MS08-075 for further details.
-
Microsoft Windows Media Components Remote Code Execution Vulnerability (MS08-076)
- Severity
- Critical 4
- Qualys ID
- 90470
- Vendor Reference
- MS08-076
- CVE Reference
- CVE-2008-3009, CVE-2008-3010
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
This security update addresses two vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services.
The security update addresses the first vulnerability by modifying the way that Windows Media authentication replies are validated. The security update addresses the second vulnerability by ensuring that Windows Media clients treat servers using ISATAP addresses as external.
Windows XP Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
January 2009 Security Updates for Runtimes Are Available (KB952069)
December 2008 Updates are Available (including for XPe SP3 and Standard) (KB954600)
- Consequence
- The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Server Service Pack 4 (Windows Media Player 6.4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C33D558E-45F9-4E85-B48C-03BD0E8CB4BC
Windows XP Service Pack 2 and Windows XP Service Pack 3 (Windows Media Player 6.4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=99241309-E644-4088-A8F3-38837FAB4037
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Media Player 6.4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=946D47C9-B208-4FAB-8EF6-774413D61BC8
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 (Windows Media Player 6.4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=2315CE20-2F46-42C2-BB40-045F003409D7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 (Windows Media Player 6.4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C29BED9-1B88-4D2F-80A5-305C2BEDD89F
Microsoft Windows 2000 Service Pack 4 (Windows Media Format Runtime 7.1 and Windows Media Format Runtime 9.0):
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A459497-0AB8-41CB-87D0-B551631D8D8A
Windows XP Service Pack 2 (Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, and Windows Media Format Runtime 11):
http://www.microsoft.com/downloads/details.aspx?FamilyId=504F816C-F554-4B93-AC28-B085574D9BAC
Windows XP Service Pack 3 (Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, and Windows Media Format Runtime 11):
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD76FCF3-A2F9-4E36-BD1B-C1536749173C
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5):
http://www.microsoft.com/downloads/details.aspx?FamilyId=644EF023-EE40-45B0-9C9D-C76D9FAB0005
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 (Windows Media Format Runtime 9.5 x64 Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=AE9E8B07-5354-42F3-A226-BA2193244524
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-076.
-
Microsoft Office SharePoint Server Privilege Elevation Vulnerability (MS08-077)
- Severity
- Critical 4
- Qualys ID
- 90472
- Vendor Reference
- MS08-077
- CVE Reference
- CVE-2008-4032
- CVSS Scores
- Base 7.5 / Temporal 5.9
- Description
- This security update resolves a privately reported vulnerability in Microsoft Office SharePoint Server.
- Consequence
- The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Microsoft Office SharePoint Server 2007 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=f8f73997-6f4c-4b43-aa50-5c8276e83d3e
Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=f8f73997-6f4c-4b43-aa50-5c8276e83d3e
Microsoft Office SharePoint Server 2007 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=a7fda284-273c-42ab-8188-433beaacca86
Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=a7fda284-273c-42ab-8188-433beaacca86
Microsoft Search Server 2008 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=f8f73997-6f4c-4b43-aa50-5c8276e83d3e
Microsoft Search Server 2008 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=a7fda284-273c-42ab-8188-433beaacca86
Refer to Microsoft Security Bulletin MS08-077 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 1.22.76-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 90474
- 90473
- 90469
- 110092
- 100064
- 110090
- 90471
- 90470
- 90472
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.